Cyber Security News Roundup – 6th February 2023

It's the beginning of a new week, and that means a round up of what's been going on in the world of cyber security and data protection over the last 7 days! To learn more about each story, click the headings.

JD Sports Says Hackers Stole Data of 10 Million Customers 30/01

UK based sports and fashion retailer JD Sports has warned that online order information for over 10 million customers has been leaked following a recent data breach. The leaked information on orders placed between November 2018 and October 2020, included sensitive data such as names, email addresses, phone numbers, and the final four digits of card numbers. JD Sports stated that they detected the unauthorised access instantly and quickly responded to prevent any further access, but customers are being warned to stay vigilant for attempted phishing and social engineering. (Bleeping Computer)

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years 31/01

Researchers have uncovered a shellcode based packer named Trickgate, that has been successfully used for the last 6 years without attracting notice. Trickgate has been used to deploy a variety of malware, including Trickbot, Emotet and REvil, evading detection due to its transformative nature, with periodic changes making it a ‘master of disguise’. Trickgate’s infection chain begins with phishing emails containing malicious files or links that download the shellcode loader, before launching the payload into the system memory. (The Hacker News)

Arnold Clark Customer Data 'Stolen in Cyber Attack' 02/02

Scotland based car retailer Arnold Clark has admitted that its customers’ personal data may have been stolen in a recent cyber attack. After detecting suspicious activity the company shut down their entire network in the early hours of Christmas Eve, but not before attackers were able to extract sensitive personal data. Arnold Clark retains the passports and driving licenses of its customers, as well as sensitive information and national insurance numbers which could put anyone affected at risk of identity fraud.  (BBC News)

LockBit Ransomware Gang Releases LockBit Green Version 02/02

The LockBit criminal group has released a new version of their infamous LockBit ransomware, LockBit Green, designed to target cloud based services. Intelligence researchers from SentinelOne noted that the latest LockBit version contains significant overlaps with the source code of the Conti Ransomware, which was leaked in March 2022. LockBit now seems to be focused on targeting cloud environments, as victims tend to store valuable information on these infrastructures, and it is extremely likely that the criminal gang will continue to improve their ransomware. (Cyber News)

Massive ESXiArgs Ransomware Attack Targets VMware ESXi Servers Worldwide 03/02

Businesses employing VMware ESXi servers are being targeted globally by a new EXSiArgs ransomware due to an unpatched two year old remote code execution flaw. Unauthenticated threat actors are able to manipulate vulnerability CVE-2021-21974 in low complexity attacks, and according to Censys Research approximately 3,200 EXSi servers have been compromised worldwide. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!